Permissions for shared libraries in Kerberos

Robbie Harwood rharwood at
Wed Nov 18 15:37:42 EST 2020

Ken Hornstein <kenh at> writes:

> I have been working on packaging up our Kerberos code into a RPM (to
> upgrade our ancient dusty old Kerberos RPMs), and I had been running
> into a problem where shared library dependencies were not being
> processed properly.  More specifically, the executables were saying,
> "hey, I depend on", but the RPM wouldn't ever figure
> out the shared library PROVIDED "", so you'd get a
> bunch of unresolved dependencies.  We had this same problem with our
> ancient old dusty Kerberos RPMs, but I wanted to fix this correctly
> for once.
> Fast forward a distressingly large number of late-night hours later
> digging into the guts of RPM, the reason for this is simple.  The
> automatic dependency scripts only extract symbols from shared
> libraries if they have the execute bit set, and MIT Kerberos installs
> all of the shared libraries as mode 644.

Fedora seems to take care of this transparently - I don't have any
special logic to mark them executable.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
Url :

More information about the krbdev mailing list